IBM HTTP Server help: SSL environment variables
SSL environment variables
SSL-specific environment variables are exposed to CGI applications and SSI-processed pages. The variables can be effectively broken into three types:
If a valid SSL request is made, the SSL handshake environment variables and the server certificate environment variables will be set. If client authentication is set to either optional or require , the client certificate environment variables will be set.
HTTPS
Description: used to show if connection is an SSL connection
Values: string contains either "ON" or "OFF" - "ON" if the connection is an SSL connection, "OFF" otherwise.
SSL_PROTOCOL_VERSION
Description: contains the protocol version
Values: string containing either "SSLV2" or "SSLV3"
HTTPS_KEYSIZE
Description: size of the key
Values: see the table below
HTTPS_SECRETKEYSIZE
Description: actual strength of the key
Values: see the table below
For SSL V3:
Cipher Suite Key size Secret key size
---------------------------------------------------------------
SSL_RSA_WITH_NULL_MD5 0 0
SSL_RSA_WITH_NULL_SHA 0 0
SSL_RSA_EXPORT_WITH_RC4_40_MD5 128 40
SSL_RSA_WITH_RC4_128_MD5 128 128
SSL_RSA_WITH_RC4_128_SHA 128 128
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 128 40
SSL_RSA_WITH_DES_CBC_SHA 64 56
SSL_RSA_WITH_3DES_EDE_CBC_SHA 192 168
SSL_NULL_WITH_NULL_NULL 0 0
For SSL V2:
Cipher Suite Key size Secret key size
---------------------------------------------------------------
RC4_128_WITH_MD5 128 128
RC4_128_EXPORT40_WITH_MD5 128 40
RC2_128_CBC_WITH_MD5 128 128
RC2_128_CBC_EXPORT40_WITH_MD5 128 40
DES_64_CBC_WITH_MD5 64 56
DES_192_EDE3_CBC_WITH_MD5 192 168
SSL_SERVER_DN
Description: contains the distinguished name of the server certificate used in the ip-based virtual host which received the request
Values: string or empty
SSL_SERVER_O
Description: contains the organization attribute of the server certificate
Values: string or empty
SSL_SERVER_OU
Description: contains the organizational unit attribute of the server certificate
Values: string or empty
SSL_SERVER_CN
Description: contains the common name attribute of the server certificate
Values: string or empty
SSL_SERVER_C
Description: contains the country attribute of the server certificate
Values: string or empty
SSL_SERVER_L
Description: contains the locality attribute of the server certificate
Values: string or empty
SSL_SERVER_ST
Description: contains the state or province attribute of the server certificate
Values: string or empty
SSL_SERVER_EMAIL
Description: contains the email attribute of the server certificate
Values: string or empty
SSL_CLIENT_DN
Description: contains the distinguished name from the client certificate
Values: string or empty
SSL_CLIENT_O
Description: contains the client certificate organization
Values: string or empty
SSL_CLIENT_OU
Description: contains the client certificate organizational unit
Values: string or empty
SSL_CLIENT_CN
Description: contains the client certificate common name
Values: string or empty
SSL_CLIENT_C
Description: contains the client certificate country
Values: string or empty
SSL_CLIENT_L
Description: contains the client certificate locality
Values: string or empty
SSL_CLIENT_ST
Description: contains the client certificate state or province
Values: string or empty
SSL_CLIENT_EMAIL
Description: contains the client certificate email
Values: string or empty
SSL_CLIENT_IDN
Description: contains the client certificate issuer's distinguished name
Values: string or empty
SSL_CLIENT_IO
Description: contains the client certificate issuer's organization
Values: string or empty
SSL_CLIENT_IOU
Description: contains the client certificate issuer's organizational unit
Values: string or empty
SSL_CLIENT_ICN
Description: contains the client certificate issuer's common name
Values: string or empty
SSL_CLIENT_IC
Description: contains the client certificate issuer's country
Values: string or empty
SSL_CLIENT_IL
Description: contains the client certificate issuer's locality
Values: string or empty
SSL_CLIENT_IST
Description: contains the client certificate issuer's state or province
Values: string or empty
SSL_CLIENT_IEMAIL
Description: contains the client certificate issuer's email
Values: string or empty
SSL_CLIENT_CERTBODY
Description: contains the client certificate
Values: string containing the complete client certificate as a string
SSL_CLIENT_CERTBODYLEN
Description: contains the length of the client certificate
Values: integer
SSL_CLIENT_SESSIONID
Description: contains the session ID
Values: string or empty
SSL_CLIENT_NEWSESSIONID
Description: used to show if this session ID is new
Values: string containing "TRUE" or "FALSE"
SSL_CLIENT_SERIALNUM
Description: contains the client certificate serial number
Values: string or empty